- User Since
- Sep 17 2012, 3:16 AM (412 w, 2 d)
Mon, Aug 10
Sun, Aug 9
Looks reasonable to me, but I am not very familiar with the impacts of the additional casts. Do we lose some modeling power when we are using the regular constraint solver?
Fri, Aug 7
I think all the problems that left should be solved in a separate patch or even out of the scope for the GSoC.
Tue, Aug 4
Tue, Jul 28
I think adding code snippets that are affected by this patch would make it much easier to evaluate the changes and whether this is a good idea or not.
Thu, Jul 23
Tue, Jul 21
Mon, Jul 20
Wed, Jul 15
Tue, Jul 14
Jul 7 2020
Jun 30 2020
Yay! This looks good to me and I love statistics, so a huge +1.
I have one question though. Isn't this counting all the reports in an equivalence class? I.e. if the analyzer finds something multiple times it will only be displayed once but here it will be counted multiple times. I think it might be worth to have two statistics, one for all bug reports and one for equivalence classes. What do you think?
Jun 29 2020
The patch looks good to me and I find it a welcome change that should make things easier to understand and maybe even a bit more efficient, I hope this won't break ObjC :) My discussion with Artem is orthogonal to this change.
Jun 26 2020
Jun 25 2020
I always wondered if we actually need to track the liveness of exprs at all. We could just kill all subexpr at the end of the full expression without precomputing anything. But I might miss something.
The analyzer inlines small functions within a TU regardless of the thresholds. I think it would be sensible to do the same across TUs in the case we don't do this already.
Jun 24 2020
I only checked the test cases and the comments so far and it looks very useful and promising. I really hope that the performance will be ok :) I'll look at the actual code changes later.
Jun 14 2020
Jun 12 2020
I would not call the results of the measurement within the margin of error but the results do not look bad. Unless there is some objection from someone else I am ok with committing this but please change the title of revision before committing. When one says optimization we often think about performance. It should say something like reasoning about more comparison operations.
Jun 10 2020
Jun 6 2020
Please add the [analyzer] tag in front of your patches as some folks have automated scripts based on that tag to add themselves as subscriber/reviewer.
Jun 2 2020
May 29 2020
A high level comment.
May 26 2020
May 19 2020
Thanks for finding this bug! Adding some reviewers.
May 13 2020
May 8 2020
I still have some nits inline, but overall the implementation looks good to me.
I think, however, that we should not only focus on the implementation but on the high-level questions.
Is this the way forward we want? Can we do it more efficiently? What is the performance penalty of this solution?
Overall looks good to me some questions and nits inline.
May 7 2020
May 6 2020
I do agree that the warning message is not the best but it is not horrible either :)
Thanks for working on this, I do believe the analyzer would greatly profit from better constraint solving capabilities. Unfortunately, we had some troubles in the past trying to improve upon the current status and we had to revert multiple patches. This is why the community is super cautious when it comes to changes like this.
I am a bit unsure about this change. C libraries might be consumed in C++ projects and C++ projects might be free to overload those functions. Does the effort needed to specify the signatures justify not supporting that (probably unintentional) name collisions in C++?
This is cool!
I'd prefer to have this functionality committed together its first actual use with tests.
Also, I see no tests :)
If a given parameter in a FunctionDecl has a nonull attribute then the NonNull constraint in StdCLibraryFunctionsChecker has the same effect as NonNullParamChecker.
I am a bit unsure what the purpose of these Max summaries are? As far as I understand the Max represents the largest value for the type of the formal parameter.
I think testing summaries this way can be really hard to manage in the future.
I see two possible ways forward to make this easier:
a) Make something like https://reviews.llvm.org/D78118 that will also dump the actual summary in a textual form, not only the fact that a summary was loaded and check for that textual form.
b) Make a small helper library for testing summaries. E.g., most of the buffer handling functions have similar summaries, so we could have only a couple of functions for testing buffer related summaries and we could just pass in function pointers (as templates or params) instead of duplicating code. Similarly, testing output ranges could be generalized.
Overall looks good to me, I have one question inline.
May 4 2020
Apr 30 2020
Nice catch, LGTM!
Apr 29 2020
Overall the changes look good to me here. I had a small nit inline. But I wonder if we actually should add more code in the analyzer core to better model the sizes of memory regions corresponding to the VLAs.
Apr 24 2020
Apr 23 2020
Overall looks good for me, thanks for tackling this problem! I think this should be good to go once Eli's comment is fixed.
I think this should not be blocked on the gtest update. If getting an updated gtest into the repo takes to much time and the reviewers are happy, I'm fine with doing that change as a follow-up.
Actually, sorry. I just realized that the alignof problem is introduced by this patch. I'd love to see the solution committed together with this patch (it could be a separate patch but preferably, they should be committed together.)
Thanks! Having more tests is always welcome!
Thanks, this looks much better now.
Could you also update the description of the revision to match the current status? (E.g. type aliases are now supported.)
If you do not plan to solve the alignof issue in the near future, maybe it would be worth to also open a bug report.
Please wait for one more approval before commiting.
Apr 21 2020
Ok, looks good to me.
Apr 20 2020
One way to test this change would be to add a statistic that is bumped each time a path is refuted (a report to be refuted we need all of the paths refuted, so using refuted reports might not be fine-grained enough). We can test on some big projects if the refuted paths increase or decrease after the change.
Apr 19 2020
Mostly looks good to me. I do believe that this is an optimization but it would be nice to have a small benchmark :) In case it is too much work, I do not insist though.
As turned out we don't even need a BugReporterVisitor for doing the crosscheck.
We should simply use the constraints of the ErrorNode since that has all the necessary information.
Apr 16 2020
Apr 15 2020
I am not an expert when it comes to VLAs but I do see some problems here.
Mar 24 2020
Mar 22 2020
Mar 20 2020
- Address some review comments.
Mar 18 2020
Mar 17 2020
Added some more reviewers who might be interested.
Mar 11 2020
Mar 9 2020
I am not sure if I would call this a bugfix. Enabling a checker without one of its dependency will potentially cause the checker to misbehave. I am uncomfortable changing the current behavior to a more dangerous one without any diagnostics. Including the diagnostic with this patch should not make this too big.
If we disable the dependency of a checker explicitly I think we should at least emit a warning.
Mar 3 2020
Other than a nit looks good to me but wait for @NoQ before committing.
This might be a silly question but is CXXDeleteExpr the only way to invoke a deallocator? What would happen if the user would call it by hand? Should we expect ExprEngine to trigger a callback in that case?
Some nits inline.